Encryption gets business boost

Security software maker Baltimore Technologies introduces a suite of new products that puts public-key encryption to work in business settings.

22 October 20028:29 pm BST

Troubled security software maker Baltimore Technologies is hoping to boost the adoption of public-key encryption by building the technology into a new suite of products.

Public-key encryption is used to secure electronic transactions and to digitally sign important documents such as contracts and legal forms. Baltimore creates some of the building blocks for conducting such transactions and allows third parties to verify the identity of digital signatures--a system known as the public-key infrastructure (PKI).

Baltimore is one of the leading PKI developers, but it has seen its fortunes crumble in recent years. During the past 12 months, it has halved its work force and the value of its U.K.-traded shares has plunged.

Repackaging its PKI technology into business suites is part of a strategy to widen the appeal of PKI--and boost Baltimore's revenue.

Richard Kinsella, marketing manager for Baltimore's Global Solutions Group, acknowledged the problems that PKI has experienced. "We have seen PKI used in governments, but the technology is probably very confusing for most businesses," he said. "PKI has been a technology, but now we're trying to turn it into a business solution."

The result, Trusted Business Suite, is a set of business modules offering security for networking, messaging and document-sharing. The suite consists of modules, each of which sits on a core engine called the Baltimore Applied Solutions Engine (BASE).

"One of the unique things BASE provides is centralized management, so that administrators can control users and solution modules from one screen," Kinsella said. "It also allows administrators to delegate administration to business line managers, so a human resources manager can control the security privileges of the 20 or so people who report to them."

BASE uses Baltimore's certificate management product, Unicert, together with the company's Select Access technology, but it is not a move away from these products, Kinsella said. "It is simply to make Unicert usable for departmental work. Unicert itself still holds for large infrastructure-type projects."

Three suites are available: Trusted Networks, Trusted Messaging and Trusted Workplace. Trusted Networks covers VPN (Virtual Private Network) and trusted Web access, with single sign-on and Web-based authentication. The Messaging product provides safeguarded access to e-mail, and the Workplace product is for documents and forms.

Trusted Documents, one of the Trusted Workplace components, "allows any file to be digitally signed and encrypted, and you can add a toolbar in (Microsoft) Word, Excel or (Adobe) Acrobat to make it easy to encrypt documents," Kinsella said.

The product includes an Acrobat-like reader application. "This lets you sign and encrypt electronic documents and distribute them to third parties who can read them and verify signatures and certificates, even if they don't have their own PKI-aware applications," he said.

Baltimore's reader software could go some way toward addressing one of the major criticisms of PKI: that it is only useful when everyone else has it.

"When only a few people have it, it is not worth adopting," Whitfield Diffie, chief security officer of Sun Microsystems, said at the recent RSA security conference in Paris.